<?php
include __DIR__ . "/config/cors.php";
include __DIR__ . "/database.php";

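// Comment-submission endpoint: reads `nid`, `context` and `username` from the
// query string, looks the user up by name and inserts a row into `review`.
// Every response is a JSON object of the form {"code": int, "message": string}.
//
// NOTE(review): the commenter's identity is the client-supplied `username`
// parameter; nothing visible in this file ties it to an authenticated session,
// so a caller can post under any existing username. The identity should come
// from server-side session state — confirm what the included files provide.
// NOTE(review): the insert is triggered by a GET request, so it can be fired
// by a plain link or embedded resource; a state-changing endpoint should
// accept POST only.

// Emits one JSON response body; kept as a closure so no global function name
// is introduced next to whatever the included files declare.
$respond = static function (int $code, string $message): void {
    echo json_encode([
        "code" => $code,
        "message" => $message,
    ]);
};

// `?? null` yields null for an absent key without the `@` operator, which
// would also hide unrelated errors on the same expression.
$nid = $_GET['nid'] ?? null;
$context = $_GET['context'] ?? null;
$username = $_GET['username'] ?? null;

// PHP parses `?nid[]=x` into an array. Only plain strings are accepted, so an
// array is never interpolated into the SQL below as the literal text "Array".
if (!is_string($nid) || !is_string($context)) {
    $respond(201, "必要参数传递有误");
    exit;
}

if (!is_string($username)) {
    $respond(203, "请登陆后在评论");
    exit;
}

$db = new DB();

// NOTE(review): SQL injection. $username, $nid and $context are request values
// placed directly inside quoted SQL literals, so a quote character in any of
// them changes the statement. Both queries must pass these values as bound
// parameters of a prepared statement. The DB class comes from database.php and
// its binding API is not visible here, so the statements are left as written
// until that API is confirmed.
$sql = "select * from user where username = '$username'";
$data = $db->selectOne($sql);

if (is_array($data) && count($data) > 0) {
    $uid = $data['id'];
    // NOTE(review): `context` is stored unmodified; whatever renders comments
    // has to HTML-escape it at output time.
    $sql = "insert into review (nid, uid, context,time) values ('$nid', '$uid', '$context',NOW())";
    if ($db->execute($sql)) {
        $respond(200, "评论成功");
    } else {
        $respond(205, "评论失败");
    }
} else {
    // No matching user row: answered with the same code as a missing username.
    $respond(203, "请登陆后在评论");
}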